Table of ContentsPreviousNextIndex

Put your logo here!



Configuring Network Settings


When configuring new or existing SonicWALL appliances, it is important to make sure that the network and general settings are correct. This section describes how to configure the network settings for SonicWALL appliances running SonicOS Standard. To configure network settings for SonicWALL appliance running SonicOS Enhanced, see Chapter 10, "Configuring Network Settings for SonicOS Enhanced."

This chapter describes how to use the SonicWALL Global Management System (SonicWALL GMS) to configure SonicWALL network settings. Select from the following:

Configuring Network Settings

Note: In order for changes on this page to take effect, the SonicWALL appliance will automatically restart. We recommend scheduling the tasks to run when network activity is low.

The Network settings page is used to configure the network addressing mode, LAN (WorkPort) settings, WAN settings, DMZ (HomePort) settings, and the DNS server address(es).

Note: The Network settings page cannot be used at the Global and Group levels, except for configuring the DNS server address(es).

Before configuring any settings, it is important to determine the network addressing mode. These options include:

Transparent or Standard Mode

When you select Transparent Mode (also known as Standard Mode), Network Address Translation (NAT) is disabled. All nodes on the LAN or WorkPort that will access or be accessed from the Internet must use valid, Internet-accessible IP addresses.

To configure a SonicWALL appliance for transparent network addressing, follow these steps:

  1. Start and log into SonicWALL GMS.
  2. Select a SonicWALL appliance.
  3. Expand the Network tree and click Settings. The Network Settings page appears (Figure 74).
  4. Select Transparent or Standard from the Network Addressing Mode area.
  5. Figure 74: Network Settings Page: Standard Mode

  6. Configure the following LAN (WorkPort) Settings:
    • SonicWALL LAN (WorkPort) IP Address-IP address assigned to the SonicWALL LAN or WorkPort interface. This address is also used for configuration and monitoring.
    • LAN (WorkPort) Subnet Mask-Determines the subnet to which the LAN or WorkPort IP address belongs.
  7. To add an additional subnet, enter the IP address and subnet in the Network Gateway and Subnet Mask fields.
  8. Configure the following WAN Settings:
    • WAN Gateway (Router) Address-Address of the router that provides Internet access to SonicWALL appliances.
    • SonicWALL WAN IP Address-This value is automatically set to the SonicWALL LAN (WorkPort) IP Address.
    • WAN/DMZ (HomePort) Subnet Mask-This value is automatically set to the LAN (WorkPort) Subnet Mask.
  9. Enter the IP addresses of the DNS servers in the Other Settings area (maximum of three IP addresses). SonicWALL appliances require the IP address of at least one DNS server to function properly.
  10. When you are finished, click Update. The settings are changed for the selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

NAT-Enabled Mode

NAT provides anonymity to machines on the LAN or WorkPort by connecting the entire network to the Internet using a single IP address. This provides security to the internal machines by hiding them from the outside world and conserves IP addresses.

When using NAT, we recommend using internal network IP addresses from a special range. The following IP address ranges are reserved for private IP networks and are not routed on the Internet:

10.0.0.0 - 10.255.255.255

172.16.0.0 - 172.31.255.255

192.168.0.0 - 192.168.255.255

If your network uses IP addresses that are not registered to your organization and are not within the private IP address ranges, the servers on the Internet to which those IP addresses belong will not be accessible from your network. For example, if an IP address on your network is 185.5.20.105 and it is not registered to your organization, the server that uses that IP address on the Internet will not be accessible from your network.

Note: If you choose to use NAT, but need to make some machines available to the outside world, use One-to-One NAT. One-to-One NAT maps external IP addresses to private IP addresses. For more information, see "Configuring One-to-One Network Address Translation" on page 88.

To configure a SonicWALL appliance for NAT, follow these steps:

  1. Start and log into SonicWALL GMS.
  2. Select a SonicWALL appliance.
  3. Expand the Network tree and click Settings. The Network Settings page appears (Figure 75).
  4. Select NAT Enabled from the Network Addressing Mode area.
  5. Figure 75: Network Settings Page: NAT Enabled Mode

  6. Configure the following LAN (WorkPort) Settings:
    • SonicWALL LAN (WorkPort) IP Address-IP address assigned to the SonicWALL LAN or WorkPort interface. This address is also used for configuration and monitoring.
    • LAN (WorkPort) Subnet Mask-Determines the subnet to which the LAN or WorkPort IP address belongs.
  7. To add an additional subnet, enter the IP address and subnet in the Network Gateway and Subnet Mask fields.
  8. Configure the following WAN Settings:
    • WAN Gateway (Router) Address-Address of the router that attaches the LAN or WorkPort to the Internet.
    • SonicWALL WAN IP (NAT Public) Address-Public IP address used to access the Internet. All activity on the Internet will appear to originate from this address. This IP address must be valid and is generally supplied by your Internet Service Provider (ISP).
    • WAN/DMZ (HomePort) Subnet Mask-Determines the subnet to which the public IP address belongs. This is generally supplied by your ISP.
  9. Enter the IP addresses of the DNS servers in the Other Settings section (maximum of three IP addresses).
  10. Note: SonicWALL appliances require the IP address of at least one DNS server to function properly.

  11. When you are finished, click Update. The settings are changed for the selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

NAT with DHCP Client Mode

When you select the NAT with DHCP Client mode, the SonicWALL appliance uses DHCP to obtain a dynamic IP address from the ISP and NAT. For more information on NAT, see "NAT-Enabled Mode" on page 77. For more information on configuring DHCP, see Chapter 15, "Configuring Network Settings."

To configure a SonicWALL appliance for NAT with a DHCP client, follow these steps:

  1. Start and log into SonicWALL GMS.
  2. Select a SonicWALL appliance.
  3. Expand the Network tree and click Settings. The Network Settings page appears (Figure 76).
  4. Select NAT with DHCP Client from the Network Addressing Mode area.
  5. Figure 76: Network Settings Page: NAT with DHCP Client Mode

  6. Configure the following LAN (WorkPort) Settings:
    • SonicWALL LAN (WorkPort) IP Address-IP address assigned to the SonicWALL LAN (WorkPort) interface. This address is also used for configuration and monitoring.
    • LAN (WorkPort) Subnet Mask-Determines the subnet to which the LAN or WorkPort IP address belongs.
  7. To add an additional subnet, enter the IP address and subnet in the Network Gateway and Subnet Mask fields.
  8. The WAN settings and the DNS server IP addresses are automatically provided by the DHCP server of the service provider. You do not need to configure any parameters in the WAN Settings area.
  9. In the Other Settings area, enter the name of the DHCP server in the Host Name field.
  10. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

NAT With PPPoE Client

When you select the NAT with PPPoE Client mode, the SonicWALL appliance uses PPP over Ethernet (PPPoE) to connect to the Internet. PPPoE is required by some ISPs to authenticate users over broadband Internet access devices (e.g., DSL, cable modems, wireless). Note that when using NAT for the PPPoE client, the password appears in clear text.

Note: When this mode is selected, the SonicWALL LAN (WorkPort) IP Address is used as the gateway address for computers on the LAN or WorkPort.

To configure a SonicWALL appliance for NAT with PPPoE, follow these steps:

  1. Start and log into SonicWALL GMS.
  2. Select a SonicWALL appliance.
  3. Expand the Network tree and click Settings.The Network Settings page appears (Figure 77).
  4. Select NAT with PPPoE Client from the Network Addressing Mode area.
  5. Figure 77: Network Settings Page: NAT With PPPoE Client Mode

  6. Configure the following LAN (WorkPort) Settings:
    • SonicWALL LAN (WorkPort) IP Address-IP address assigned to the SonicWALL LAN or WorkPort interface. This address is also used for configuration and monitoring.
    • LAN (WorkPort) Subnet Mask-Determines the subnet to which the LAN or WorkPort IP address belongs.
  7. To add an additional subnet, enter the IP address and subnet in the Network Gateway and Subnet Mask fields.
  8. Configure the following ISP Settings:
    • User Name-username provided by the ISP.
    • Password-password used to authenticate the username with the ISP. This field is case-sensitive.
  9. To specify how long the SonicWALL appliance waits before disconnecting from the Internet, enter the amount of time in the inactivity field.
  10. Select from the following:
    • To configure the SonicWALL appliance(s) to dynamically obtain an IP address, select Obtain an IP Address automatically.
    • To configure the SonicWALL appliance(s) to use a fixed IP address, select Use the following IP Address and enter the IP address.
  11. When you are finished, click Update. The settings are changed for the selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

NAT With L2TP Client

When you select the NAT with L2TP Client mode, the SonicWALL appliance uses Layer Two Tunneling Protocol (L2TP) to connect to the Internet.

Note: When this mode is selected, the SonicWALL LAN (WorkPort) IP Address is used as the gateway address for computers on the LAN or WorkPort.

To configure a SonicWALL appliance for NAT with L2TP, follow these steps:

  1. Start and log into SonicWALL GMS.
  2. Select a SonicWALL appliance.
  3. Expand the Network tree and click Settings.The Network Settings page appears (Figure 78).
  4. Select NAT with L2TP Client from the Network Addressing Mode area.
  5. Figure 78: Network Settings Page: NAT With L2TP Client Mode

  6. Configure the following LAN (WorkPort) Settings:
    • SonicWALL LAN (WorkPort) IP Address-IP address assigned to the SonicWALL LAN or WorkPort interface. This address is also used for configuration and monitoring.
    • LAN (WorkPort) Subnet Mask-Determines the subnet to which the LAN or WorkPort IP address belongs.
  7. To add an additional subnet, enter the IP address and subnet in the Network Gateway and Subnet Mask fields.
  8. Select from the following WAN settings:
    • To configure the SonicWALL appliance to dynamically obtain an IP address, select Obtain an IP address using DHCP.
    • To configure the SonicWALL appliance to use fixed settings, select Use the specified IP address and enter the following:
      • SonicWALL WAN IP (NAT Public) Address-Public IP address used to access the Internet. All activity on the Internet will appear to originate from this address. This IP address must be valid and is generally supplied by your Internet Service Provider (ISP).
      • WAN Gateway (Router) Address-Address of the router that attaches the LAN (WorkPort) to the Internet.
      • WAN/DMZ (HomePort) Subnet Mask-Determines the subnet to which the public IP address belongs. This is generally supplied by your ISP.
  9. Enter the IP address of the DNS server in the DNS Server 1 field.
  10. Configure the following ISP L2TP Settings:
    • L2TP Host Name-this information is provided by your ISP.
    • L2TP Server IP Address-this information is provided by your ISP.
    • User Name-username provided by the ISP.
    • Password-password used to authenticate the username with the ISP. This field is case-sensitive.
  11. To specify how long the SonicWALL appliance(s) wait before disconnecting from the Internet, select the Disconnect after check box and enter the amount of time.
  12. When you are finished, click Update. The settings are changed for the selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

NAT With PPTP Client

When you select the NAT with PPTP Client mode, the SonicWALL appliance uses Point-to-Point Tunneling Protocol (PPTP) to connect to the Internet.

When this mode is selected, the SonicWALL LAN (WorkPort) IP Address is used as the gateway address for computers on the LAN or WorkPort.

To configure a SonicWALL appliance for NAT with PPTP, follow these steps:

  1. Start and log into SonicWALL GMS.
  2. Select a SonicWALL appliance.
  3. Expand the Network tree and click Settings.The Network Settings page appears (Figure 79).
  4. Select NAT with PPTP Client from the Network Addressing Mode area.
  5. Figure 79: Network Settings Page: NAT With PPTP Client Mode

  6. Configure the following LAN (WorkPort) Settings:
    • SonicWALL LAN (WorkPort) IP Address-IP address assigned to the SonicWALL LAN or WorkPort interface. This address is also used for configuration and monitoring.
    • LAN (WorkPort) Subnet Mask-Determines the subnet to which the LAN or WorkPort IP address belongs.
  7. To add an additional subnet, enter the IP address and subnet in the Network Gateway and Subnet Mask fields.
  8. Select from the following WAN settings:
    • To configure the SonicWALL appliance to dynamically obtain an IP address, select Obtain an IP address using DHCP.
    • To configure the SonicWALL appliance to use fixed settings, select Use the specified IP address and enter the following:
      • SonicWALL WAN IP (NAT Public) Address-Public IP address used to access the Internet. All activity on the Internet will appear to originate from this address. This IP address must be valid and is generally supplied by your Internet Service Provider (ISP).
      • WAN Gateway (Router) Address-Address of the router that attaches the LAN (WorkPort) to the Internet.
      • WAN/DMZ (HomePort) Subnet Mask-Determines the subnet to which the public IP address belongs. This is generally supplied by your ISP.
  9. Enter the IP address of the DNS server in the DNS Server 1 field. Configure the following ISP PPTP Settings:
    • PPTP Host Name-this information is provided by your ISP.
    • PPTP Server IP Address-this information is provided by your ISP.
    • User Name-username provided by the ISP.
    • User Password-password used to authenticate the username with the ISP. This field is case-sensitive.
  10. To specify how long the SonicWALL appliance(s) wait before disconnecting from the Internet, select the Disconnect after check box and enter the amount of time.
  11. When you are finished, click Update. The settings are changed for the selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

Configuring Web Proxy Settings

A proxy server intercepts all requests to web servers on the Internet. As users access websites, the data is cached on the proxy server. This improves Internet response and lessens the load on the Internet link. For example, suppose a school is using the Internet for a research project. A student requests a certain Web page, and then sometime later, a second student requests the same page. Instead of forwarding the request to the Web server where the page resides, the proxy server returns the local copy of the page that was cached when the first student accessed the page.

The problem with a proxy server is that each client must be configured to support the proxy, creating unnecessary administrative problems. If a proxy server is already installed on the LAN (WorkPort), instead of configuring each client to point to the proxy server, move it to the WAN and enable automatic proxy forwarding. SonicWALLs can automatically forward all Web proxy requests to proxy servers without client configuration.

Note: The proxy server must be located on the WAN; it may not be located on the LAN (WorkPort).

Configuration

To configure web proxy settings, follow these steps:

Note: In order for changes on this page to take effect, the SonicWALL(s) will automatically be restarted. We recommend configuring these options when network activity is low.

  1. Start and log into SonicWALL GMS.
  2. Select the global icon, a group, or a SonicWALL appliance.
  3. Expand the Network tree and click Web Proxy. The Web Proxy page appears (Figure 80).
  4. Figure 80: Web Proxy Page

  5. Enter the IP address of the proxy server in the Proxy Web Server field.
  6. Enter the web server port of the proxy server in the Proxy Web Server Port field.
  7. Normally, if a proxy server fails, clients behind the SonicWALL appliance will not be able to access the Internet. To allow clients to bypass the proxy server in the event that it fails or becomes unavailable, select the Bypass Proxy Servers Upon Proxy Server Failure check box.
  8. If you have clients configured on the DMZ, select Forward DMZ Client Requests to Proxy Server.
  9. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

Configuring Intranet Settings

SonicWALLs can be installed between LAN segments of intranets to prevent unauthorized access to certain resources. For example, if the administrative offices of a school are on the same network as the student computer lab, they can be separated by a SonicWALL.

Figure 81 shows how a SonicWALL appliance can be installed between two network segments on an Intranet.

Figure 81: SonicWALL Intranet Configuration

Note: Devices connected to the WAN port do not have firewall or content filter protection. To protect these units, install another SonicWALL appliance between the Internet and devices connected to the WAN port of the other SonicWALL appliance.

Configuration

Although the systems on the WAN and LAN links are separated, they are still on the same subnet. Consequentially, you must make the systems on the larger network aware of the systems on the smaller network. To do this, follow these steps:

  1. Start and log into SonicWALL GMS.
  2. Select the global icon, a group, or a SonicWALL appliance.
  3. Expand the Advanced tree and click Intranet. The Intranet page appears (Figure 82).
  4. Figure 82: Intranet Page

  5. Select from the following:
    • If the SonicWALL is not used to separate LAN segments on the intranet, select SonicWALL's WAN link is connected to the Internet Router.
    • If the smaller network is connected to the LAN, select Specified addresses are attached to the LAN (WorkPort) link.
    • If the smaller network is connected to the WAN, select Specified addresses are attached to the WAN link.
  6. Enter the IP address or IP address range of a system or group of systems on the smaller network:
    • To enter a single IP address, enter the IP address in the Addr Range Begin field.
    • To enter a range of IP addresses, enter the starting IP address in the Addr Range Begin field and the ending IP address in the Addr Range End field.
    • Click Add Range.
  7. Repeat Step 5 for each IP address or IP address range on the smaller network.
  8. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.
  9. To define which services can be accessed from outside the restricted network segment, see Chapter 11, "Configuring Firewall Settings."

Configuring Routes

If the LAN(s) have internal routers, their addresses and network information must be entered into the SonicWALL(s). To add an internal router, follow these steps:

  1. Start and log into SonicWALL GMS.
  2. Select the global icon, a group, or a SonicWALL appliance.
  3. Expand the Advanced tree and click Routes. The Routes page appears (Figure 83).
  4. Figure 83: Routes Page

  5. Select whether the router is connected to the LAN (WorkPort), WAN, or DMZ (HomePort) interface from the the Link list box.
  6. Enter the destination network IP addresses in the Destination Network and Subnet Mask fields.
  7. Enter the IP address of the router in the Gateway field.
  8. Click Add Route. Repeat Step 4 through 6 for each route that you want to add.
  9. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

Configuring Routing Information Protocol

RIP is a distance-vector routing protocol that is commonly used in small homogeneous networks. Using RIP, a router will periodically send its entire routing table to its closest neighbor, which passes the information to its next neighbor, and so on. Eventually, all routers within the network will have the information about the routing paths. When attempting to route packets, a router will check the routing table and select the path that requires the fewest hops.

RIP is not supported by all SonicWALL appliances.

To configure RIP, follow these steps:

  1. Start and log into SonicWALL GMS.
  2. Select the global icon, a group, or a SonicWALL appliance.
  3. Expand the Advanced tree and click RIP. The Routes page appears (Figure 84).
  4. Figure 84: RIP Page

  5. Select from the following RIP options on the LAN interface:
    • Select the RIP version from the RIP Advertisements list box:
      • RIPv1 Enabled-first version of RIP.
      • RIPv2 Enabled (multicast)-sends route advertisements using multicasting (a single data packet to specific nodes on the network).
      • RIPv2 Enabled (broadcast)-sends route advertisements using broadcasting (a single data packet to all nodes on the network).
    • To advertise static routes that you specified on the Routes page, select the Advertise Static Routes check box.
    • To set the amount of time between a VPN tunnel state change and the time the change is advertised, enter a value in the Route Change Damp Time field (default: 30 seconds).
    • To specify the number of advertisements that are sent after a route is deleted, enter a value in the Deleted Route Advertisements field (default: 5 advertisements).
    • By default, the connection between this router and its neighbor counts as one hop. However, there are cases where you want to discourage or reduce the use of this route by adding additional hops. To change the hop count of this route, enter the number of hops in the Route Metric field.
    • Optional. If RIPv2 is selected from the Route Advertisements list box, you can enter a value for the Route Tag. This value is implementation-dependent and provides a mechanism for routers to classify the originators of RIPv2 advertisements.
    • Optional. Select from the following RIPv2 Authentication options:
      • User Defined-Enter 4 hex digits in the Authentication Type field and 32 hex digits in the Authentication Data field.
      • Cleartext Password-Enter a password (16 characters or less) in the Authentication Password field.
      • MD5 Digest-Enter a numerical value from 0-255 in the Authentication Key-Id field. Enter a 32 hex digit value for the Authentication Key field, or use the generated key.
  6. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

Configuring DMZ (HomePort) Addresses

SonicWALL appliances protect users by preventing Internet users from accessing systems within the LAN (WorkPort). However, this security also prevents users from reaching servers intended for public access, such as web and mail servers.

To allow these services, many SonicWALL models have a special Demilitarized Zone (DMZ) port (also known as the HomePort) which is used for public servers. The DMZ sits between the LAN (WorkPort) and the Internet. Servers on the DMZ are publicly accessible, but are protected from denial of service attacks such as SYN Flood and Ping of Death.

Although the DMZ port is optional, it is strongly recommended for public servers or when connecting the servers directly to the Internet where they are not protected.

Note: Some newer SonicWALL appliances have one or more OPT ports that can be configured as a DMZ port. For more information, see "Configuring Interface Network Settings" on page 94.

Configuration

Each server on the DMZ port or HomePort requires a unique, publishable Internet IP address. The ISP that provides your Internet connection should be able to provide these addresses.

To add DMZ (HomePort) IP addresses, follow these steps:

  1. Start and log into SonicWALL GMS.
  2. Select the global icon, a group, or a SonicWALL appliance.
  3. Expand the Advanced tree and click DMZ Addresses. or HomePort Addresses.
  4. The DMZ/HomePort Addresses page appears (Figure 85).
  5. Figure 85: DMZ Addresses Page

  6. Select from the following:
    • If the devices on the DMZ will use fixed IP addresses, select DMZ (HomePort) in Standard Mode. Then, enter the starting IP address in the Addr Range Begin field, the ending IP address in the Addr Range End field, and click Add Range. Repeat this step for each range of IP addresses.
    • To enter a single IP address, enter the IP address in the Addr Range Begin field.
    • If the devices on the DMZ or HomePort will use NAT, select DMZ (HomePort) in NAT Mode and do the following:
      • Enter the private internal IP address assigned to the DMZ or HomePort interface in the DMZ (HomePort) Private Address field.
      • Assign a subnet mask in the DMZ or HomePort Subnet Mask field. The LAN (WorkPort) and DMZ (HomePort) can have the same subnet mask, but the subnets must be different. For instance, the LAN subnet can be 192.168.0.1 with a subnet mask of 255.255.255.0, and the DMZ subnet can be 172.16.18.1 with a subnet mask of 255.255.255.0.
      • To define a DMZ or HomePort public IP address that will be used to access devices on the DMZ interface, enter an IP address in the DMZ (HomePort) NAT Many to One Public Address field (Optional).
  7. Select from the following:
    • To enter a single IP address, enter the IP address in the Addr Range Begin field.
    • To enter a range of IP addresses, enter the starting IP address in the Addr Range Begin field and the ending IP address in the Addr Range End field.
  8. Click Add Range.
  9. To enter additional IP addresses and IP address ranges, repeat Steps 6 and 7.
  10. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

Configuring One-to-One Network Address Translation

One-to-One NAT maps valid external IP addresses to internal addresses hidden by NAT. This enables you to hide most of your network by using internal IP addresses. However, some machines may require access. This enables you to allow direct access when necessary.

To do this, assign a range of internal IP addresses to a range of external IP addresses of equal size. The first internal IP address will correspond to the first external IP address, the second internal IP address to the second external IP address, and so on.

For example, if an ISP has assigned IP addresses 209.19.28.16 through 209.19.28.31 with 209.19.28.16 as the NAT public address and the address range 192.168.168.1 through 192.168.168.255 is used on the LAN (WorkPort), the following table shows how the IP addresses will be assigned.

Table 1: One-to-One NAT Example
LAN Address
WAN Address
Accessed Via
192.168.168.1
209.19.28.16
Inaccessible, NAT public IP address
192.168.168.2
209.19.28.17
209.19.28.17
192.168.168.3
209.19.28.18
209.19.28.18
[...]
[...]
[...]
192.168.168.16
209.19.28.31
209.19.28.31
192.168.168.16
No corresponding IP address
No corresponding IP address
[...]
[...]
[...]
192.168.168.16
No corresponding IP address
No corresponding IP address

Configuration

To configure One-to-One NAT, follow these steps:

  1. Start and log into SonicWALL GMS.
  2. Select the global icon, a group, or a SonicWALL appliance.
  3. Expand the Advanced tree and click One-to-One NAT. The One-to-One NAT page appears (Figure 86).
  4. Figure 86: One-to-One NAT Page

  5. Select the Enable One-to-One NAT check box.
  6. Enter the first IP address of the internal IP address range in the Private Range Begin field.
  7. Enter the first corresponding external IP address in the Public Range Begin field.
  8. Note: Do not include the NAT Public IP Address in a range.

  9. Enter the number of IP addresses in the range in the Range Length field.
  10. Click Add Range.
  11. To add additional IP address ranges, repeat Step 5 through 8 for each range. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

Configuring Ethernet Settings

This section describes how to configure Ethernet settings on each port of the SonicWALL appliance(s). To configure Ethernet settings, follow these steps:

  1. Start and log into SonicWALL GMS.
  2. Select the global icon, a group, or a SonicWALL appliance.
  3. Expand the Advanced tree and click Ethernet.
  4. The Ethernet page appears (Figure 87).
  5. Figure 87: Ethernet Page

  6. Select from the following WAN Link settings:
    • To configure the WAN link to automatically negotiate Ethernet settings, select Auto Negotiate.
    • To specify WAN link settings, select Force and select the speed and duplex settings.
  7. Select from the following DMZ (HomePort) Link settings:
    • To configure the DMZ (HomePort) to automatically negotiate Ethernet settings, select Auto Negotiate.
    • To specify DMZ (HomePort) link settings, select Force and select the speed and duplex settings.
  8. Select from the following LAN (WorkPort) Link settings:
    • To configure the LAN link to automatically negotiate Ethernet settings, select Auto Negotiate.
    • To specify LAN link settings, select Force and select the speed and duplex settings.
  9. If you are managing the Ethernet connection from the LAN (WorkPort) side of your network, select the Proxy Management Workstation Ethernet Address on WAN check box. The SonicWALL appliance will take the Ethernet address of the computer that is managing the SonicWALL appliance and will proxy the address on the WAN port of the SonicWALL. If you are not managing the SonicWALL appliance from the LAN side of your network, the firmware looks for a random computer on the LAN which can be a lengthy search process.
  10. To limit the size of packets sent over the Ethernet WAN interface, select the Fragment Outbound Packets Larger than the WAN MTU check box and enter the maximum size in the WAN MTU field.
  11. If the maximum transmission unit (MTU) size is too large for a remote router, it may require more transmissions. If the packet size is too small, this could result in more packet header overhead and more acknowledgements that have to be processed. The default size is 1,500 MTU.

  12. To enable bandwidth management, select the Enable check box and enter the bandwidth of the connection in the Available Bandwidth field.
  13. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.

Configuring ARP

ARP (Address Resolution Protocol) maps layer 3 (IP addresses) to layer 2 (physical or MAC addresses) to enable communications between hosts residing on the same subnet. ARP is a broadcast protocol that can create excessive amounts of network traffic on your network. To minimize the broadcast traffic, an ARP cache is maintained to store and reuse previously learned ARP information.

To configure ARP, follow these steps:

  1. Start and log into SonicWALL GMS.
  2. Select a SonicWALL appliance.
  3. Expand the Network tree and click ARP. The ARP page appears (Figure 88).
  4. Figure 88: ARP Page

  5. To configure a specific length of time for the entry to time out, enter a value in minutes in the ARP Cache entry time out field.
  6. To view ARP cache information, click Request ARP Cache display from unit(s).


SonicWALL, Inc.
http://www.sonicwall.com
1160 Bordeaux Drive
Sunnyvale, CA 94089-1209
Table of ContentsPreviousNextIndex